macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.
"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.
According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.
"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."
In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.
Popular Stories
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max.
One thing worth...
CES 2026 has just provided a first glimpse of the folding display technology that Apple is expected to use in its upcoming foldable iPhone. At the event, Samsung Display briefly showcased its new crease-less foldable OLED panel beside a Galaxy Z Fold 7, and according to SamMobile, which saw the test booth before it was abruptly removed, the new panel "has no crease at all" in comparison.
The ...
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop.
Below is a breakdown of what we're expecting over the next ...
Though it's been just a few months since iOS 26 launched, we're already hearing rumors about the next-generation version of iOS, iOS 27. iOS 27 will be introduced at Apple's June WWDC 2026 event before it launches in September 2026.
We don't know all of the details about iOS 27 yet, but we do have some information about what to expect.
"Snow Leopard" Update
iOS 27 will apparently focus...
JPMorgan Chase has reached a deal to take over operation of the Apple Card, reports The Wall Street Journal. Barring any "last minute hiccups," the deal should be announced shortly after over a year of negotiations.
Reports began circulating over two years ago that current Apple Card issuer Goldman Sachs was looking to end its partnership with Apple as part of an effort to scale back on...
Logitech users on macOS found themselves locked out of their mouse customizations yesterday after the company let a security certificate expire, breaking both its Logi Options+ and G HUB configuration apps.
Logitech devices like its MX Master series mice and MX Keys keyboards stopped working properly as a result of the oversight, with users unable to access their custom scrolling setup,...
OpenAI today announced the launch of ChatGPT Health, a dedicated section of ChatGPT where users can ask health-related questions completely separated from their main ChatGPT experience.
For more personalized responses, users can connect various health data services such as Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton. Last month, MacRumors discovere...
Apple has lost another senior figure from its Safari team as a lead designer departs for The Browser Company, extending a pattern of high-profile exits from Apple's browser team amid intensifying competition around AI-driven browsing.
Marco Triverio was a lead designer for Safari and has now joined The Browser Company, the developer of the Arc and Dia browsers. The move was confirmed by The...
